一旦达到密码限制,如何让 cryptsetup 放弃驱动器?

一旦达到密码限制,如何让 cryptsetup 放弃驱动器?

我想设置我的加密根分区,这样如果存在带有密钥文件的 USB 闪存驱动器,它就可以自动解密,否则会要求输入密码。但是有一件事阻止我进行设置:如果密码输入失败(因为没有 USB 驱动器),cryptsetup 将进入睡眠状态。我怎样才能让它放弃尝试并转到下一行 crypttab(即通过手动输入密码进行解密)?感谢您的帮助!

答案1

对于某些版本的 cryptsetup,Nofail 无法识别为 crypttab 中的选项,但可以使用 check 和 checkargs 编写脚本来查看磁盘是否存在。从man crypttab

   check[=<check>]
       Check the content of the target device by a suitable program; if the check fails, the device is closed immediately. The program is being run with decrypted volume (target device) as first positional
       argument and, if the checkargs option is used, its value as second argument. See the CHECKSCRIPTS section for more information.

       The program is either specified by full path or relative to /lib/cryptsetup/checks/. If omitted, then the value of $CRYPTDISKS_CHECK set in /etc/default/cryptdisks is used (blkid by default).

       This option is specific to the Debian crypttab format. It's not supported by systemd.

   checkargs=<arguments>
       Give <arguments> as the second argument to the check script. See the CHECKSCRIPTS section for more information.

       This option is specific to the Debian crypttab format. It's not supported by systemd.

相关内容